Two officers with Russia’s intelligence service (at least one of whom works in a unit designed to fight cybercrime) directed a far-reaching hacking and espionage scheme that targeted Yahoo users, swiping personal information from hundreds of millions of people, including accounts belonging to Russian and U.S. government officials, the U.S. Department of Justice announced this morning.
This marks the first time Russian government officials have been charged by the U.S. for a cybercrime, in a breach that officials say affected at least 500 million accounts. Officials said some of the information had intelligence value, but some was also leveraged for financial gain.
“The defendants targeted Yahoo accounts of Russian and U.S. government officials, including cybersecurity, diplomatic and military personnel,” said the head of the DOJ’s National Security Division, Mary McCord. “They also targeted Russian journalists; numerous employees of other providers whose networks the conspirators sought to exploit; and employees of financial services and other commercial entities.”
Just before this morning’s announcement, McCord attended a cyberevent in Washington, D.C., where at least three Russian diplomats were in the audience. When the moderator mentioned “Russian hackers,” the head of the Russian Embassy’s military political section, Konstantin Serednyakov, visibly chuckled.
The FSB officers, Dmitry Dokuchaev and his boss, Igor Sushchin, who had cover as the head of info security at a Russian financial firm, allegedly hired two hackers, Alexsey Belan and Karim Baratov, to help carry out the scheme. Baratov, a Canadian and Kazakh national, was arrested in Canada on Wednesday, while the three others remain fugitives in Russia.
Belan, who remains a fugitive, has been wanted by the FBI since 2012 for allegedly stealing databases from three companies in 2012 and then helping negotiate the sale of that information.
In a twist, the FSB unit Dokuchaev works for, the Center for Information Security, aka Center 18, “is also the FBI’s point of contact in Moscow for cybercrime matters,” said McCord.
“The involvement and direction of FSB officers with law enforcement responsibilities makes this conduct that much more egregious. There are no free passes for foreign state-sponsored criminal behavior,” she added.
In 2014, at the behest of FSB officers, Belan allegedly led an operation that stole a Yahoo database that contained info on more than 500 million Yahoo user accounts. They were ultimately able to access the full contents of more than 6,500 Yahoo user accounts, DOJ officials said.
At the same time, the FSB officers and Belan allegedly hired Baratov to use the info from the Yahoo accounts to try to access 50 specific Gmail accounts, and another 30 accounts from other companies. Many of these 80 targets were inside Russia.
The DOJ alleged that Dokuchaev and Sushchin “protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the U.S. and elsewhere … They worked with co-defendants Alexsey Belan and Karim Baratov to obtain access to the email accounts.”
Belan was named one of the FBI’s cyber most wanted criminals in November 2013. Belan was indicted twice in the U.S. for intrusions into e-commerce companies, McCord said this morning. Belan was arrested in Europe in June 2013 on a request from the U.S., but he fled to Russia before he could be extradited.
The Justice Department said in a statement that when Belan returned to Russia, instead of detaining him, Russian agents Dokuchaev and Sushchin “used him to gain unauthorized access to Yahoo’s network.”
In late 2014, according to that statement, “Belan stole a copy of at least a portion of Yahoo’s User Database (UDB), a Yahoo trade secret that contained, among other data, subscriber information, including users’ names, recovery email accounts, phone numbers and certain information required to manually create, or ‘mint,’ account authentication web browser ‘cookies’ for more than 500 million Yahoo accounts.”
“Belan used his relationship with the two FSB officers and his access to Yahoo to commit additional crimes to line his own pockets with money,” McCord said this morning. “Specifically, Belan used his access to Yahoo to search for and steal financial information, such as gift card and credit card numbers, from users’ email accounts. He also gained access to more than 30 million Yahoo accounts, whose contacts were then stolen to facilitate an email spam scheme.”
The DOJ said, “When Dokuchaev and Sushchin learned that a target of interest had accounts at webmail providers other than Yahoo, including through information obtained as part of the Yahoo intrusion, they tasked their co-conspirator, Baratov, a resident of Canada, with obtaining unauthorized access to more than 80 accounts in exchange for commissions.”
The Department of Justice said that during the conspiracy, the two FSB officers furthered “Belan’s other criminal activities, by providing him with sensitive FSB law enforcement and intelligence information that would have helped him avoid detection by U.S.”
(Source: WABC)
One Response
I always wonder just how does this really happen:
> Belan was arrested in Europe in June 2013 on a request from the U.S., but he fled to Russia before he could be extradited.
So despite having been apprehended, Belan, apparently all by himself, this one-person geek, allegedly outsmarts Europe and escapes?
I also have to mention that in 2012, the same year as Belan, Obama literally ridiculed (famous ridicule: “the 1980’s are calling for their foreign policy back … the cold war has been over for 20 years”) Romney for the latter’s concerns about Russian danger.